Nitol botnet
The Nitol botnet is a botnet mostly involved in spreading malware and distributed denial-of-service attacks.[1][2]
History
The Nitol botnet was first discovered around December 2010. Analysis of the botnet indicates that it is mostly prevalent in China, where an estimated 85% of the infections are detected.[3][4] In China the botnet was found to be present on systems that came brand-new from the factory, indicating the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft, the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]
On 10 September 2012 Microsoft took action against the Nitol botnet by obtaining a court order and subsequently sinkholing the 3322.org domain.[6][7] The 3322.org domain is a dynamic DNS service which was used by the botnet creators as command and control infrastructure for controlling their botnet.[8] Microsoft later settled with 3322.org operator Pen Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]
References
- Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S." Networkworld. Retrieved 27 December 2012.
- Plantado, Rex (15 October 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- Plantado, Rex (22 October 2012). "MSRT October '12 - Nitol by the numbers". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- Mimoso, Michael (13 September 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
- "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
- Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
- Jackson Higgins, Kelly (13 September 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
- Ollmann, Gunter (13 September 2012). "Nitol and 3322.org Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
- Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.
External links
- Analysis of the Nitol Botnet, created by Microsoft as part of Operation b70